Commit | Line | Data |
---|---|---|
0a49a7a4 | 1 | /* $Cambridge: exim/src/src/auths/check_serv_cond.c,v 1.3 2009/11/16 19:50:38 nm4 Exp $ */ |
16ff981e PH |
2 | |
3 | /************************************************* | |
4 | * Exim - an Internet mail transport agent * | |
5 | *************************************************/ | |
6 | ||
0a49a7a4 | 7 | /* Copyright (c) University of Cambridge 1995 - 2009 */ |
16ff981e PH |
8 | /* See the file NOTICE for conditions of use and distribution. */ |
9 | ||
10 | #include "../exim.h" | |
11 | ||
12 | /* This module contains the function server_condition(), which is used | |
13 | by all authenticators. */ | |
14 | ||
15 | ||
16 | /************************************************* | |
17 | * Check server_condition * | |
18 | *************************************************/ | |
19 | ||
20 | /* This function is called from the server code of all authenticators. For | |
21 | plaintext, it is always called: the argument cannot be empty, because for | |
22 | plaintext, setting server_condition is what enables it as a server | |
23 | authenticator. For all the other authenticators, this function is called after | |
24 | they have authenticated, to enable additional authorization to be done. | |
25 | ||
26 | Argument: the authenticator's instance block | |
27 | ||
28 | Returns: | |
29 | OK NULL argument, or success | |
30 | DEFER couldn't complete the check | |
31 | FAIL authentication failed | |
32 | */ | |
33 | ||
34 | int | |
35 | auth_check_serv_cond(auth_instance *ablock) | |
36 | { | |
37 | uschar *cond; | |
38 | ||
39 | HDEBUG(D_auth) | |
40 | { | |
41 | int i; | |
42 | debug_printf("%s authenticator:\n", ablock->name); | |
43 | for (i = 0; i < AUTH_VARS; i++) | |
44 | { | |
45 | if (auth_vars[i] != NULL) | |
46 | debug_printf(" $auth%d = %s\n", i + 1, auth_vars[i]); | |
47 | } | |
48 | for (i = 1; i <= expand_nmax; i++) | |
49 | debug_printf(" $%d = %.*s\n", i, expand_nlength[i], expand_nstring[i]); | |
50 | debug_print_string(ablock->server_debug_string); /* customized debug */ | |
51 | } | |
52 | ||
53 | /* For the plaintext authenticator, server_condition is never NULL. For the | |
54 | rest, an unset condition lets everything through. */ | |
55 | ||
56 | if (ablock->server_condition == NULL) return OK; | |
57 | cond = expand_string(ablock->server_condition); | |
58 | ||
59 | HDEBUG(D_auth) | |
60 | { | |
61 | if (cond == NULL) | |
62 | debug_printf("expansion failed: %s\n", expand_string_message); | |
63 | else | |
64 | debug_printf("expanded string: %s\n", cond); | |
65 | } | |
66 | ||
67 | /* A forced expansion failure causes authentication to fail. Other expansion | |
68 | failures yield DEFER, which will cause a temporary error code to be returned to | |
69 | the AUTH command. The problem is at the server end, so the client should try | |
70 | again later. */ | |
71 | ||
72 | if (cond == NULL) | |
73 | { | |
74 | if (expand_string_forcedfail) return FAIL; | |
75 | auth_defer_msg = expand_string_message; | |
76 | return DEFER; | |
77 | } | |
78 | ||
79 | /* Return FAIL for empty string, "0", "no", and "false"; return OK for | |
80 | "1", "yes", and "true"; return DEFER for anything else, with the string | |
81 | available as an error text for the user. */ | |
82 | ||
83 | if (*cond == 0 || | |
84 | Ustrcmp(cond, "0") == 0 || | |
85 | strcmpic(cond, US"no") == 0 || | |
86 | strcmpic(cond, US"false") == 0) | |
87 | return FAIL; | |
88 | ||
89 | if (Ustrcmp(cond, "1") == 0 || | |
90 | strcmpic(cond, US"yes") == 0 || | |
91 | strcmpic(cond, US"true") == 0) | |
92 | return OK; | |
93 | ||
94 | auth_defer_msg = cond; | |
95 | auth_defer_user_msg = string_sprintf(": %s", cond); | |
96 | return DEFER; | |
97 | } | |
98 | ||
99 | /* End of check_serv_cond.c */ |